{"id":"CVE-2020-7734","details":"All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column.","aliases":["GHSA-mqwh-r366-4224","PYSEC-2020-227","SNYK-PYTHON-CABOT-609862"],"modified":"2026-04-10T04:28:09.506470Z","published":"2020-09-22T08:15:12.357Z","related":["SNYK-PYTHON-CABOT-609862"],"references":[{"type":"ADVISORY","url":"https://snyk.io/vuln/SNYK-PYTHON-CABOT-609862"},{"type":"FIX","url":"https://github.com/arachnys/cabot/pull/694"},{"type":"EVIDENCE","url":"https://itsmeanonartist.tech/blogs/blog2.html"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/48791"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/arachnys/cabot","events":[{"introduced":"0"},{"last_affected":"56cfed43c006e145931f46cb68e316fbaccf75cd"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.11.16"}]}}],"versions":["0.10.0","0.10.0b6","0.10.0b7","0.10.1","0.10.2","0.10.3","0.10.4","0.10.5","0.10.6","0.10.7","0.10.8","0.11.0","0.11.1","0.11.10","0.11.11","0.11.12","0.11.13","0.11.14","0.11.15","0.11.16","0.11.2","0.11.3","0.11.4","0.11.5","0.11.6","0.11.7","0.6.0","0.7.0","0.8.0","0.8.1","0.8.2","0.8.3","0.8.4","0.8.5","0.8.6","0.9.0","0.9.1","0.9.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7734.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L"}]}